This March blog post is a follow up to the inquires and focuses on the features and controls of Office 365 and how they are designed to help organizations adhere to the upcoming GDPR compliance in May. We have compiled the most useful solutions pertaining to GDPR and for further information on their definitions/licenses please refer to Microsoft.com.

Securing users’ personal data is critical in your efforts for meeting GDPR obligations. It starts with discovering different types of personal data stored in the cloud. Below are some important Office 365 solutions that can help you identify and manage access to personal data: (reference: www.Microsoft.com).

Data Loss Prevention(DLP) in Office and Office 365 can identify over 80 common sensitive data types including financial, medical, and personally identifiable information. In addition, DLP allows organizations to configure actions to be taken upon identification to protect sensitive information and prevent its accidental disclosure.

Advanced Data Governanceuses intelligence and machine-assisted insights to help you find, classify, set policies on, and take action to manage the lifecycle of the data that is most important to your organization.

Office 365 eDiscovery search can be used to find text and metadata in content across your Office 365 assets—SharePoint Online, OneDrive for Business, Skype for Business Online, and Exchange Online. In addition, powered by machine learning technologies, Office 365 Advanced eDiscovery can help you identify documents that are relevant to a particular subject (for example, a compliance investigation) quickly and with better precision than traditional keyword searches or manual reviews of vast quantities of documents.

Customer Lockboxfor Office 365 can help you meet compliance obligations for explicit data access authorization during service operations. When a Microsoft service engineer needs access to your data, access control is extended to you so that you can grant final approval for access. Actions taken are logged and accessible to you so that they can be audited.

The next step is to verify and understand how to effectively protect personal data against security threats. Current Office 365 features that safeguard data and identify when a data breach occurs include:

Threat Intelligence helps you proactively uncover and protect against advanced threats in Office 365. Several factors including Microsoft’s global presence, the Intelligent Security Graph, and also input from cyber threat professionals—help you quickly and effectively enable alerts, dynamic policies, and security solutions.

Advanced Security Managementhelps you to identify high-risk and abnormal usage, alerting you to potential breaches. You can additionally set up activity policies to track and respond to high risk actions.

Office 365 audit logs allow you to monitor and track user and administrator activities across workloads in Office 365, which help with early detection and investigation of security and compliance issues.

In addition, Microsoft’s Enterprise Mobility + Security (EMS) solutions can help you provide continuous data protection on both on-premise and cloud irrespective of their device type (mobile, desktop etc.,). EMS solutions will also help in gaining visibility and providing control of data in your cloud apps. Below are the EMS solutions that can help business discover, manage and protect data: (reference: www.Microsoft.com)

Microsoft Cloud App Security helps you discover all the cloud apps in your environment, identify users and usage, and get a risk score for each app. You can then decide if you’d like your users to access these apps. Cloud App Security then provides visibility, control, and threat protection for the data stored in those cloud apps. You can shape your cloud security posture by setting policies and enforcing them on Microsoft and third-party cloud applications. Finally, whenever Cloud App Security discovers an anomaly, it sends you an alert. Microsoft Intune helps you protect data that may be stored on personal computers and mobile devices. You can control access, encrypt devices, selectively wipe data, and control which applications store and share personal data. Intune can help you inform users about your management choices by posting a custom privacy statement and terms of use. It also gives you the ability to rename or remove devices.

Microsoft Azure Information Protection helps ensure that your data is identifiable and secure, a key requirement of the GDPR—regardless of where it’s stored or how it’s shared. You can classify, label, and protect new or existing data, share it securely with people within or outside of your organization, track usage, and even revoke access remotely. Azure Information Protection also includes rich logging and reporting to monitor the distribution of data, and options to manage and control your encryption keys.

Microsoft Advanced Threat Analytics helps pinpoint breaches and identifies attackers using innovative behavioral analytics and anomaly detection technologies. Advanced Threat Analytics is deployed on-premises and works with your existing Active Directory deployment. It employs machine learning and the latest user and entity behavioral analytics to help find advanced persistent threats and detect suspicious activities and malicious attacks used by cybercriminals, to help identify breaches before they cause damage to your business.

We hope this information was helpful in your efforts to meet the upcoming GDPR compliance mandate. As mentioned in the previous post, this compliance requirement will affect close to two-thirds of U.S. companies. If you have not started your efforts to meet this new compliance or need consultation on how Microsoft Office 365 can help your organization comply, contract Microexcel’s Microsoft practice at info@microexcel.com.